Warning! It looks like trusted-proxies is not set correctly in this instance's configuration. #5

Closed
opened 2025-04-25 01:42:04 +00:00 by Brooke · 4 comments
Owner
Author
Owner

This issue is only applicable to testing 0.18.0

From reading the docs this should be fixed by setting GTS_TRUSTED_PROXIES, but even setting a /0 CIDR doesn't seem to affect the error. Something of note is that the IP is different on all deployments, so you can't just set /32. The recommended solution also doesn't work, as it relies on the suggested IP range (172.17.0.1/16). In my testing the error would list something like 10.0.x.x, but setting 10.0.0.0/16 doesn't fix it either.

Furthermore, it seems like any "fix" would essentially disable the rate limiting feature. Honestly, I'm not even positive it was working on 0.17.0 either. So maybe this warrants deeper discussion into how Traefik X-Forwarded-For should work ¯\_(ツ)_/¯
Owner

Reminds me of https://git.coopcloud.tech/coop-cloud/peertube/issues/7.

Here are two config excerpts from trusted proxy configs but yeh, maybe you need host mode networking for this 😬

compose.yml Line 57 in 2744684292 (https://git.coopcloud.tech/coop-cloud/peertube/src/commit/2744684292d66053a9681ac57692b9f026863dde/compose.yml#L57)
- PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback", "172.16.0.0/12", "10.0.0.0/8"]

rauthy.cfg.tmpl Lines 1090 to 1099 in 83976da02c (https://git.coopcloud.tech/coop-cloud/rauthy/src/commit/83976da02c3e032505668150c24bc2dc71f3bd2f/rauthy.cfg.tmpl#L1090-L1099)
# A `\n` separated list of trusted proxy CIDRs.
# When `PROXY_MODE=true` or `PEER_IP_HEADER_NAME` is set,
# these are mandatory to be able to extract the real client
# IP properly and safely to prevent IP header spoofing.
# All requests with a different source will be blocked.
TRUSTED_PROXIES="
127.0.0.1
172.16.0.0/12
10.0.0.0/8
"
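
How a trusted-proxy list is commonly used to pick the client address out of X-Forwarded-For, as an added example that is not part of this thread or of GoToSocial's code. The helper name, the addresses and the header values are constructed, the right-to-left walk is the general technique assumed here, and the last two cases assume a proxy that appends to a header the client already sent.

```python
import ipaddress

def client_ip(peer, xff, trusted_cidrs):
    """Pick the address to rate-limit on (hypothetical helper, not GoToSocial code).

    peer          -- source address of the TCP connection
    xff           -- raw X-Forwarded-For value, or None
    trusted_cidrs -- ranges whose hosts are allowed to vouch for the header
    """
    # strict=False accepts ranges written with host bits set, e.g. 172.17.0.1/16
    nets = [ipaddress.ip_network(c, strict=False) for c in trusted_cidrs]

    def trusted(addr):
        return any(addr in net for net in nets)

    peer_ip = ipaddress.ip_address(peer)
    if not xff or not trusted(peer_ip):
        return str(peer_ip)          # header ignored: the peer is not a known proxy
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    # Walk right to left: the rightmost entries were added by the nearest proxies.
    for i in range(len(hops) - 1, -1, -1):
        try:
            hop = ipaddress.ip_address(hops[i])
        except ValueError:
            return str(peer_ip)      # malformed header: fall back to the peer
        if i == 0 or not trusted(hop):
            return str(hop)
    return str(peer_ip)

# Constructed scenarios: proxy container at 10.0.1.5, real client 203.0.113.7.
PROXY = "10.0.1.5"
CASES = [
    # (label, X-Forwarded-For, trusted ranges)
    ("range misses the proxy", "203.0.113.7", ["172.17.0.1/16"]),
    ("range covers the proxy", "203.0.113.7", ["10.0.0.0/8"]),
    ("client pre-set header, narrow range", "198.51.100.9, 203.0.113.7", ["10.0.0.0/8"]),
    ("client pre-set header, /0 range", "198.51.100.9, 203.0.113.7", ["0.0.0.0/0"]),
]

if __name__ == "__main__":
    for label, xff, cidrs in CASES:
        print(f"{label:38} -> {client_ip(PROXY, xff, cidrs)}")
```

In the first case every request is attributed to the proxy, so all users share one rate-limit bucket. In the last case the /0 range trusts every hop, so the leftmost, client-supplied entry is the one that gets rate-limited.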
Author
Owner

Ah, I completely forgot about that being an option in the Traefik recipe. I'll do some more testing.
Author
Owner
[6b5f9a78cf](https://git.coopcloud.tech/coop-cloud/gotosocial/commit/6b5f9a78cf3c2f5f7fe93a6c8df3d38752f40bcd)